POSITION INFORMATION MANAGEMENT SYSTEM 



TECHNICAL FIELD 

The present invention relates to a position 
5 information management system for managing position 

information of a mobile body that can utilize the position 
information while securing the protection of the privacy 
related to the position information of the mobile body. 
BACKGROUND ART 

10 A position information utilizing system for providing 

various services utilizing position information obtained 
by measuring the location of a mobile body (for example, 
longitude and latitude ) is known. Here, a mobile body means 
what is movable including a human, an animal, a vehicle, 

15 an article etc. 

Fig. 17 is a diagram showing an example of the structure 
of a position information utilizing system. In Fig. 17, 
the position information utilizing system is structured 
comprising a terminal ( for example, a mobile phone terminal 

20 with a GPS function) carried by a mobile body and having 
functions for measuring the location of the mobile body 
and for transmitting the position information measured, 
and a position information service center (for example, 
a server providing Web-sites on the Internet) for receiving 

25 the position information from the terminal of the mobile 
body through a network and providing various services to 
the terminal utilizing the position information. 
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The various services include, for example, (1) a 
navigation service for guiding a mobile body such as a human 
or a vehicle to its destination, (2) an area-information 
providing service for providing information on a town (the 
5 positions of stores, restaurants, etc) near the location 
of a mobile body, (3) an emergency notice service for 
notifying the location of a mobile body in an emergency 
such as an accident, (4) a mobile body position management 
service for managing the location of a mobile body such 

10 as an old per son, a child or a staff member and (5) a tracking 
service for tracking and monitoring the position of an item 
such as an article on the way of delivery. 

However, there is a problem in the conventional 
position information management system as follows. That 

15 is, since the position information transmitted from a 
terminal of a mobile body is send out to a position 
information service center in a readable format, the 
position information service center can utilize freely the 
position information of the mobile body. Even when the 

20 position information is encrypted for prevention of tapping 
or for compression in the communication between the 
terminal and the position information service center, such 
encryption is not executed a gainst the position information 
service center since the position information service 

25 center can decrypt the encrypted position information. 

Therefore, when the mobile body is, for example, a 
human, the location of the person becomes apparent to the 
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position information center and this gives rise to a problem 
in terms of privacy. 

DISCLOSURE OF THE INVENTION 
5 It is therefore the object of the present invention 

to provide a position information management system capable 
of protecting the privacy related to the location of a mobile 
body • 

A position information management system of the 

10 invention for achieving the above object is a position 
information management system for managing position 
information of at least one (1) mobile body, comprising 
a terminal for measuring the position of the mobile body, 
encrypting the measured position information with a 

15 predetermined encryption means and transmitting the 

encrypted position information, and a position recording 
apparatus for recording the position information in the 
encrypted state. 

In this manner, the position information measured by 

20 the terminal of the mobile body is encrypted by the 
encryption means specific to the mobile body and 
transmitted to the position recording center. The 
position recording apparatus accumulates position 
information of each mobile body in the encrypted state. 

25 The mobile body or the position information service center 
providing predetermined position information services to 
the mobile body can not decrypt other person's position 
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information recorded by the position recording apparatus 
without the permission of the person. Therefore, it is 
possible to manage the position information of the mobile 
body without infringing the privacy of the mobile body. 
5 Furthermore, high-level security can be secured since the 
position recording apparatus itself can not decrypt the 
accumulated posit ion information without obtaining the key 
for decryption from the mobile body. 

10 BRIEF DESCRIPTION OF DRAWINGS 

Fig. 1 is a diagram showing an example of the structure 
of a position information management system according to 
an embodiment of the inventions- 
Fig. 2 is a diagram showing an example of encryption 
15 of position information; 

Fig. 3 is a transmitting operation flowchart of 
position information at a terminal 10; 

Fig. 4 is a schematic process flowchart for a position 
recording center 20; 
20 Fig. 5 is a schematic diagram of a mode of use 1 of 

theposition management system according to the embodiment ; 
Fig. 6 is a process flowchart of the mode of use 1; 
Fig. 7 is a schematic diagram of a mode of use 2 of 
the position management system according to the embodiment ; 
25 Fig. 8 is a process flowchart of the mode of use 2; 

Fig. 9 is a schematic diagram of a mode of use 3 of 
the position management system according to the embodiment ; 
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Fig. 10 is a process flowchart of the mode of use 3; 

Fig. 11 is a schematic diagram of a mode of use 4 of 
the position management system according to the embodiment ; 

Fig, 12 is a process flowchart of the mode of use 4; 
5 Fig. 13 is a schematic diagram of a mode of use 5 of 

the position management system according to the embodiment; 

Fig. 14 is a process flowchart of the mode of use 5; 

Fig. 15 is a schematic diagram of a mode of use 6 of 
the position management system according to the embodiment ; 
10 Fig. 16 is a process flowchart of the mode of use 6; 

and 

Fig . 1 7 is a diagram showing an example o f the structure 
of a position information utilizing system. 



15 BEST MODE FOR CARRYING OUT THE INVENTION 

An embodiment of the invention will be described with 
reference to the drawings. However, the technical scope 
of the invention is not intended to be restricted to the 
embodiment . 

20 Fig. 1 is a diagram showing an example of the structure 

of a position information management system according to 
an embodiment of the invention. In Fig. 1, the position 
information management system according to the embodiment 
comprises a terminal 10 (for example, a mobile phone 

25 terminal with a GPS function) carried by a mobile body and 
having functions for measuring the location of the mobile 
body and for transmitting the position information measured. 
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and a position recording center 20 (position recording 
apparatus) for receiving and accumulating the position 
information and, depending on the form of use, may further 
comprise a position information service center 30. 

5 

<Structure of the Terminal 10> 

The terminal 10 comprises a positioning unit 101, a 
clock unit 102, an encryption unit 103, a decryption unit 
104, an input unit 105, an output unit 106, a personal 

10 authentication unit 108, a transmitting/receiving unit 107 
and a control unit 10 9. The positioning unit 101 positions 
the current position of the terminal 10. The timing for 
measurement is controlled by the control unit 109 based 
on the settings and instructions inputted from the clock 

15 unit 102 and the input unit 105. 

For measuring the current position, there are some 
methods such as, for example, (1) GPS (Global Positioning 
System) using radio wave from artificial satellites or a 
positioning method using radio wave from a plurality of 

20 places, (2) a self-sustaining navigation method in which 
the directions and distances of the move are integrated 
usingadi recti on sensorsuchasagyro and a velocity sensor, 
(3) a hybrid method in which (1) and (2) are combined, (4) 
amethod (the Publication of the Japanese Unexamined Patent 

25 Application No. 1988-010300) in which an apparatus having 
a function for identifying its position is placed in advance 
at the position to be measured and (5) a method utilizing 



the position of base stations for PHS (Personal Handy Phone 
System) or mobile phones. 

The position coordinates of the current position 
obtained by the positioning unit 101 may be expressed in 
5 the following formats. 

* Longitude and latitude :ex.) (N3 5.123.456,E130.123.456) 

* Displacement from a designated datum point (longitude 
and latitude) : 

ex.) with the datum point (N35 . 123 . 456, E130 . 123 . 456) , 
10 displacement is (+0.234.567, -0.123.456) or (direction; 
130 degrees, distance xxx meters) . 

The clock unit 102 measures and accumulates time and 
outputs the time of measurement, at which the current 
position is measured by the positioning unit 101. The clock 
15 unit 102 is also used for controlling the timing for the 
positioning unit 101 and the transmitting/receiving unit 
108 . 

The encryption unit 103 encrypts position information 
including the position coordinates of the current position 

20 measured by the positioning unit 101. The position 

information preferably includes the time of the measurement 
corresponding to each position coordinate. For the 
encryption of the position information, there are methods, 
for example, as follows. 

25 * Encryption of only position coordinates without 
encrypting the time of measurement. 

* Encryption of a combination of a position coordinate and 
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the time of measurement as one item, 

* Encryption of a plurality pieces of position information 
(combinations of position coordinates and the time of 

measurement ) altogether. 
5 Fig. 2 is a diagram showing an example of encryption 

of position information. The encryption unit 103 encrypts 
position information using a public key cryptosystem or 
a private key cryptosystem. The public key cryptosystem 
is a cryptosystem in which data is encrypted and decrypted 

10 using paired two (2) keys, and is also referred to as 
asymmetric encryption. The private key cryptosystem is 
a cryptosystem in which a same key is used for encryption 
and decryption, and is also referred to as "shared key 
cryptosystem" and "compatible key cryptosystem". 

15 The encryption unit 103 may be adapted to be able to 

designate and change the encryption method, for example, 
as follows in addition to the case where one encryption 
method is always used. 

* Encryption method used is changed according to time . For 
20 example, an encryption method A is used for encrypting from 

8:00 a.m. to 5:00 p.m. and an encryption method B is used 
for encrypting during the time except that. 

* The encryption method used is changed depending on the 
place to use it. For example, an encryption method A is 

25 used for encrypting when an mobile body is present in a 
certain area and an encryption method B is used for 
encrypting when it is present in other areas. 



* The encryption method used is changed depending on the 
time and the place to use it. For example, an encryption 
method A is used for encrypting when an mobile body is present 
in a certain area at a certain time and an encryption method 

5 B is used for encrypting when it is present in other areas 
at another time. 

* The encryption method used is changed depending on the 
designation oftheuser. For example, an encryption method 
A is changed to encryption method B by the designation from 

10 the user. 

In those cases, manners for changing the encryption methods 
are as follows. 

* Only the encryption key is changed without changing the 
type of the public key cryptosystem or the private key 

15 cryptosystem used. 

* The type of the public key cryptosystem or the private 
key cryptosystem used is changed. 

By changing the encryption method depending on the 
time, places or user's designation as described above, the 

20 user can designate the time and the place at which the 
position information may be known by others in each mode 
of use of a position information management system 
according to an embodiment described later. 

The decryption unit 104 decrypts the position 

25 information encrypted by the encryption unit 103 and 
converts the position information into a readable format. 
The input unit 105 is a unit for the user to execute various 



setting and inputting operations to the terminal 10 . . There 
are setting and inputting operations as follows as 
examples , 

* Setting of the timing of measurement.. 

5 * Setting of the timing of transmitting the position 
information . 

* Setting of whether to transmit/not to transmit, the 
position information 

* Setting of the selection of position information service 
10 centers* 

* Setting of the encryption method used. 

* Inputting of transmission order. 

* Inputting of transmission permission of the encryption 
key . 

15 The output unit 106 outputs various kinds of 

information from the terminal 10. The information 
outputted is, for example, as follows. 

* Measured position information. 

* Information received from the position recording center 
20 2 0 . 

* Information received from the position information 
service center. 

* Values to be set at the terminal 10. 

The transmitting/receiving unit 107 transmits and 
25 receives various kinds of information between the terminal 
10 and the position recording center 20, or between the 
terminal 10 and the position information center 30, using 



networks such as the Internet and the public telephone 
network. The timing to transmit is controlled by the 
control unit 109. 

The personal authentication unit 108 authenticates 
5 the user bearing the terminal 10. The methods for 

authentication of a person are, for example, as follows. 

* A method in which a user ID and a password arei used. 

* A method in which biometrics such as a finger print or 
an iris are used. 

10 It is possible to prevent another person from 

disinforming the position information using the terminal 
10 by the personal authentication unit 108. Only in the 
case where the personal authentication is successfully 
completed, it is possible to encrypt the position 

15 information and transmit the encrypted position 
information. The timing to request the personal 
authentication is controlled by the control unit 109. 

The control unit 109 controls the positioning unit 
101, the clock unit 102, the encryption unit 103, the 

20 decryption unit 104, the input unit 105, the output unit 
106, the transmitting/receiving unit 107, personal 
authentication unit 108 etc. There are controls of the 
control unit 109, for example, as follows. 

* Timing control of positioning. 
25 * Timing control of encryption. 

* Control of whether to permit or not to permit and timing 
control of transmission of a position. 
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* Control of encryption method used. 

A memory 110 stores various data- The information 
to be memorized is, for example, as follows, 

* Position information measured by the positioning unit 
5 101 . 

* A key for encryption by the encryption unit 103. 

* Setting data for control of the control unit 109. 

* Buffer data at the input unit 105, output unit 106 and 
transmit ting/ receiving unit 107. 

10 * Data for personal authentication at the personal 
authentication unit 108. 

Fig. 3 is a transmitting operation flowchart of the 
position information at the terminal 10. In Fig. 3, the 
personal authentication unit 108 executes personal 

15 authentication with pr edet ermine d per sonal authentication 
information (for example, a user ID and a pas sword) inputted 
by the user from the input unit 105. When the personal 
authentication has been successfully completed (530) , the 
positioning unit 101 measures the current position at a 

20 predetermined timing (531) . The encryption unit 103 

encrypts the position information (including at least the 
measured position coordinates and, preferably, further 
includes the time of the measurement) (S32). When the 
encrypted position information is transmitted (S33), the 

25 transmitting/receiving unit 107 transmits the encrypted 
position information (S34). 
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<Structure of the Position Recording Center 20> 

In Fig. 1, the position recording center 20 comprises 

an encrypted position information database 201, a 

registration unit 202, an acquisition unit 203, a 
5 transmitting/receiving unit 204, a temporary memory 205, 

a decryption unit 206, an erasing unit 207 and a position 

information process unit 208. 

The encrypted position information database 201 

stores/records the encrypted position information 
10 received from the terminal 10 separately for each user in 

the encrypted state. The encrypted position information 

database 201 may further store the follow information. 

* User information such as the attribute, preference, 

history of each user. 
15 * The result of the process by the position information 

process unit 208 if permitted. 

Since the position information stored in the encrypted 
position information database 201 is encrypted as described 
above, the position recording center 20 itself can not 

20 decrypt the encrypted position information as far as it 
has not obtained the encryption key from the mobile body 
(user) . Therefore, it is possible to accumulate and record 
the position information of the mobile body without 
infringing the privacy of the mobile body and, as described 

25 later, itis possible to provide various services utilizing 
the accumulated position information, protecting the 
privacy of the mobile body. 
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The registration unit 202 registers the encrypted 
position information received from the terminal 10 into 
the encrypted position information database 201. The 
acquisition unit 203 acquires (reads out) the encrypted 
5 position information from the encrypted position 

information database 201 in response' to an encrypted 
position information acquisition request from the terminal 
10 or the position information service center 30. At this 
moment, the acquisition unit 203 determines whether the 

10 originator of the request is the terminal 10 or the position 
information service center 30 permitted by the user 
him/herself being the target of the encrypted position 
information, and acquires the encrypted position 
information only when it is permitted to do so. The 

15 determination is executed with, for example, the ID of the 
terminal 10 or the position information service center 30, 
contained in the request. 

The transmitting/receiving unit 204 transmits and 
receives various kinds of information between the position 

20 recording center 20 and the terminal 10 or between the 
position recording center 20 and the position information 
service center 30. Networks such as the Internet and the 
public telephone lines may be utilized for the 
communication . 

25 The temporary memory 205 stores temporarily various 

kinds of information. The information stored in the 
temporary memory 205 can not be read out for any uses except 



the designated ones. The information stored in the 
temporary memory 205 is, for example, as follows. 

* The encrypted position information acquired by the 
acquisition unit 203 from the encrypted position 

5 information database 201. 

* The encryption key received from the terminal 10. 

* The position information decrypted by the decryption unit 
206 . 

* The result of the information process executed by the 
10 position information process unit 207 based on the 

decrypted position information. 

An erasing unit 207 erases the information stored in 

the temporary memory 205 and causes the decrypted position 

information and the encryption key not to remain in the 
15 position recording center 20 and/or not to be re-utilized 

for other objectives. 

The position information process unit 208 executes 

various processes based on the encrypted position 

information or decrypted position information. The 
20 processes executed by the position information process unit 

208 are, for example, as follows. 

* A process for sending the encrypted position information 
acquired from the encrypted position information database 
201, to another designated terminal or a designated 

25 position information service center. 

* A process for decrypting, under the permission of the 
user, the encrypted position information acquired from the 
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encrypted position information database 201, and for 
sending the decrypted position information to another 
terminal or a designated position information service 
center. 

5 * A process for decrypting, under the permission of the 
user, the encrypted position information acquired from the 
encrypted position information database 201, sending the 
decrypted position information to a designated position 
information service center, acquiring an information 
10 service from the position information service center and 
sending the result of acquisition to the terminal. 

* A process for obtaining information services from a 
plurality of position information service centers and 
sending the information services to the information 

15 terminal after compiling them. 

* A process for decrypting, under the permission of the 
user, the encrypted position information acquired from the 
encrypted position information database, processing the 
decrypted position information and sending the result of 

20 the process to the user or a designated terminal. 

* Aprocess f or , in r espons e to a query f r om out s ide , relating 
to the owner of position records, decrypting, under the 
permission of the target of the query, the encrypted 
position information obtained from the encrypted position 

25 information database 201, processing the decrypted 

position information, and creating and issuing a response 
to the query. 
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* A process for, when decryption of the encrypted position 
information is permitted by a plurality of users, 
processing position information of the plurality of users 
and sending the result of the process to the users or a 
5 designated terminal. 

Fig . 4 is a schematic process flowchart for the position 
recording center 20. In the position recording center 20, 
when the encrypted position information is received from 
the terminal 10 (340) , the registration unit 202 registers 

10 the encrypted position information into the encrypted 
position information database 201 (S41) . Similarly, when 
a request for processing the encrypted position information 
is received from the terminal 10 or the position information 
service center 30 (342), the acquisition unit 203 

15 determines whether to permit/not to permit the process 
(343). In the case where the process is permitted, the 
acquisition unit 203 acquires the requested encrypted 
position information from the encrypted position 
information database 201 (344). In the case where the 

20 acquired encrypted position information is directly 

transmitted to the originator of the request (the terminal 
10 or the position information service center 30) (345), 
the acquired encrypted position information is transmitted 
as the response (346) . Inother cases (when a predetermined 

25 process is applied to the encrypted posit ion information) , 
the decryption unit 206 decrypts the acquired encrypted 
position information (347), the position information 



processing unit 208 executes a predetermined process to 
the decrypted position information (S48) and the result 
of the process is transmitted to the originator of the 
request (S49) . 

5 

<Mode of uses> 

Mode of uses of the position information system 
according to the embodiment of the invention will be 
described • 

10 

(Mode of use 1) 

A mode of use 1 is a case where a user being a mobile 
body takes out from the position recording center 20 and 
utilizes the user's own position information/past trace. 
15 Fig. 5 and 6 show the flowcharts of the process for the 
case. In the mode of use 1, the user him/herself utilizes 
his/her own position information. Specific examples of 
the use are as follows. 

* To confirm the position to or traces on which the user 
20 moved written in the user ' s diary, in a travel or a mountain 

cl imbing . 

* To find out the place where the user was at a designated 
time on a designated day. 

Referring to Fig. 5, Fig. 6 will be described. First, 
25 a request for acquiring the encrypted position information 
of the user him/herself for a predetermined time or a 
predetermined time period is transmitted from the terminal 
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10 to the position recording center 20 (S60) . The position 
recording center 20 permits the request for the process 
when the user him/herself has requested his/her own 
position information. Having received the request, the 
5 center 20 acquires from the encrypted position information 
database 201 the encrypted position information 
corresponding to the user ID contained in the request for 
the predetermined time or a predetermined time period, and 
transmits the acquired information to the terminal 10 as 

10 the response (S61) . The terminal 10 decrypts the received 
encrypted position information (S62) and the user utilizes 
the position information (S63). 

As described above, each mobile body can obtain its 
own past positions since the history of the position 

15 information for each mobile body is accumulated in the 
position recording center 20. The privacy of the mobile 
body can be protected since the position information is 
accumulated and transmitted in the encrypted state. 

20 (Mode of use 2) 

A mode of use 2 is a case where a user B being another 
user than a user A utilizes the position information of 
the user A. That is, position information/trace 
information is shared in a group/ community (among a 

25 plurality of users) . Fig. 7 is a schematic diagram of the 
mode of use 2 and Fig. 8 is its process flowchart. The 
characteristic of the mode of use 2 is that the user B can 



decrypt the encrypted position information of the user A 
by transmitting the encryption key to the terminal 10 of 
the user B from the user A, 

Specific examples of the mode of use for the above 
5 case are as follows. 

* To display on each other ' s terminal each other ' s position 
between friends. 

* To manage positions where the staff members of a company 
are . 

10 Referring to Fig . 1, Fig. 8 will be described . First, 

transmission permission information has been transmitted 
in advance from a terminal IDA of the user A to the position 
recording center 20, which permits the center 20 to transmit 
the encrypted position information of the user A to the 

15 terminal lOB of the user B (S80) . The position recording 
center 20 stores the transmission permission information 
in a predetermined storage apparatus. The transmission 
permission information includes predetermined 
transmission permission conditions such as the time period 

20 during which the transmission is permitted. Then, the 
encryption key for decrypting the encrypted position 
information of the user A (the encryption key stored in 
the terminal lOA) is transmitted from the terminal lOA of 
the user A to the terminal lOB of the user B (A81) . The 

25 terminal lOB of the user B transmits a request for obtaining 
the encrypted position information of the user A for a 
predetermined time or a predetermined time period (A82) . 

20 



Having received the request for the process, the position 
recording center 20 determines whether to permit or not 
the transmi ssion based on the above transmission permi ss ion 
information from the user A, In the case where the 
5 transmission is permitted, the center 20 obtains the 
encrypted position information of the user A from the 
encrypted position information database 201 and transmits 
it to the terminal lOB of the user B (S83) . Having received 
the encrypted position information, the terminal lOB 

10 decrypts the encrypted position information using the 
encryption key from the terminal lOA (S84) . Then, the user 
B utilizes the decrypted position information ( S 8 5 ) . When 
the terminal lOB further requests the encrypted position 
information of the user A (S86), the process returns to 

15 Step S82. 

In this manner, the position recording center 20 does 
not transmit the position information of the user A to 
another user B as far as there is no permission from the 
user A. Furthermore, user B can not decrypt the position 
20 information of the userAas far as the user Bhas not obtained 
the encryption key from the user A since the position 
information is encrypted. Therefore , no unauthorized user 
can know any position information and the position 
information can be shared among a plurality of users. 

25 

(Mode of use 3) 

A mode of use 3 is a case where a- user utilizes the 

21 



position information service center 30. Fig, 9 is a 
schematic diagram of the mode of use 3 and Fig. 10 is its 
process flowchart. The characteristic of the mode of use 
3 is that a user has delivered his/her encryption key to 
5 the position information service center 30 and decryption 
of the encrypted position information is executed by the 
position information service center 30. 

Specific examples of the use of the mode of use 3 are 
as follows. 

10 * To receive provision of position information services 
(for example, information about a town created utilizing 
the current position information) from the position 
information service center 30. 
* Emergency notice service. 

15 Referring to Fig . 9, Fig. 1 0 wi 11 be described . First, 

a request for a predetermined position information service 
is transmitted from the terminal 10 of a user to the position 
information service center 30 (SlOO) . At this moment, the 
encryption key of the terminal 10 of the user is transmitted 

20 together with the request for the position information 
service. Furthermore, transmission permission 
information is transmitted from the terminal 10 of the user 
to the position recording center 20, which permits the 
position information service center to transmit the 

25 encrypted position information of the user (SlOl) . The 
position recording center 20 stores the transmission 
permission information in a predetermined storage 



. apparatus. The transmission permission information 
includes predetermined transmission permission conditions 
such as a time period during which the transmission is 
permitted. The position information service center 30 
5 transmits a request for acquiring the encrypted position 
information of the user for a predetermined time (including 
thepresent) or a predetermined time per iod (S102) . Having 
received the request, the position recording center 20 
acquires the encrypted position information of the user 

10 from the encrypted position information database 201 after 
^ confirming the above transmission permission information 
from the user, and transmits the acquired information to 
the position information service center 30 (S103) . Having 
received the encrypted position information, the position 

15 information service center 30 decrypts the encrypted 
position information using the encryption key from the 
terminal 10 and executes a predetermined process (S104) . 
For example, the position information service center 30 
acquires the current position of the user and executes a 

20 retrieving process of information about stores around the 
position. The position information service center 30 
transmits the result of the process to the terminal 10 ( S 1 05 ) . 
When the position information service center 30 further 
requests the encrypted position information of the user 

25 (S106), the process returns to Step S102. 

Since the position recording center 20 transmits only 
the position information permitted by the user (mobile 
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body) to the position information service center 30 as 
described above, the user can receive the provision of the 
services of the position information service center 30 
while the position information of the user is not known 
5 without any restriction. 

(Mode of use 4) 

In a mode of use 4, the terminal 10 of the user receives 
the result of the process executed to the information based 

10 on the position information of the terminal 10 itself, from 
the position recording center 20. The user sends its 
encryption key to the position recording center 20. The 
.decryption unit 206 of the position recording center 20 
decrypts the encrypted position information. Then, the 

15 position information processing unit 208 of the position 
recording center 20 executes a process using the decrypted 
position information and sends the result of the process 
to the terminal 10. Fig. 11 is a schematic diagram of a 
mode of use 4 and Fig. 12 is a process flowchart of the 

20 mode of use 4. 

The position information processing unit 208 of the 
position recording center 20 executes processes such as 
a statistical process of the position information/ trance 
information recorded in the encrypted position information 

25 database 201. 

Specific examples of the process contents/use are as 
follows . 



* Tocalculatethe number of times of visits and the frequency 
of visits for each place, from the position information 
until the present. 

* To calculate the time necessary for designated courses. 
5 * To calculate the date at, the time at and the time period 

for which the user was at a designated place. 

Referring to Fig . 11, Fig. 12 will be described . First, 
a request for a predetermined position information process 
is transmitted from the terminal 10 of the user to the 

10 position recording center 20 (S120) . At this moment, the 
encryption key of the terminal 10 of the user is transmitted 
together with the request for the position information 
process. The position recording center 20 stores the 
received encryption key in its temporary memory 205 (S121 ) . 

15 The acquisition unit 203 of the position recording center 
20 acquires the encrypted position information of the user 
designated by the request for the process . The decryption 
unit 206 decrypts the encrypted posit ion information using 
the encryption key stored in the temporary memory 205 and 

20 stores the decrypted position information in the temporary 
memory 205 (S122). The position information processing 
unit 208 of the position recording center 20 reads out the 
decrypted position information from the temporary memory 
205, executes a predetermined process (S123) and transmits 

25 the result of the process to the terminal 10 after storing 
the result of the process in the temporary memory 205 (S124) . 
After transmitting the result of the process, the erasing 
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unit 207 of the position recording center 20 erases each 
of the data of encryption key, the decrypted position 
information and the result of the process stored in the 
temporary memory 205 (S125) . 
5 Since the position recording center 20 decrypts the 

encrypted position information, executes the 
predetermined process and transmits the result of the 
process to the terminal 10 of the user as described above, 
the terminal 10 needs not to have a function for processing 

10 the position information and the structure of the terminal 
10 can be simplified. 

Furthermore, even when the encrypted position 
information is decrypted in the position recording center 
20, the position recording center 20 erases the encryption 

15 key, the decrypted position information and the result of 
the process, after the process. Therefore, the privacy 
of the mobile body (user) has no possibility of being 
infringed in the position recording center 20. In a mode 
of use 5 and 6 described as follows, the position recording 

20 center 20 also decrypts the encrypted position information . 
However, similarly to the above, the privacy of the mobile 
body (user) can be protected by erasing the information 
relating to the privacy of the mobile body (user) . 



25 (Mode of use 5) 

In the mode of use 5, the position recording center 
20 is utilized as a mediator when the user utilizes the 
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position information services. The difference of this 
mode of use from the mode of use 3 is that the encryption 
key is sent to the position recording center 20 and the 
encrypted posit ion information is decrypted in the position 
5 recording center 20. Fig. 13 is a schematic diagram of 
the mode of use 5 and Fig. 14 is its process flowchart. 

The user may designate directly a position information 
service center 30 that the user would like to use, or may 
designate only the position information service that the 
10 user would like to obtain without designating any position 
information service center and the position recording 
center may select a position information service center. 

The position recording center 20 may send the result 
of the use of the position information service center 30 
15 to the information terminal of the user without changing 
its format, or may send the result of compilation of the 
results of the use. 

Specific examples of the use of the mode of use 5 are 
as follows . 

20 * To know the information about a town around the current 
position . 

* To know the sightseeing courses around the current 
position . 

Referring to Fig. 13, Fig. 14 will be described. First, 
25 a request for a predetermined position information service 
to the position information service center 30 is 
transmitted from the terminal 10 of the user to the position 
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recording center 20 (S140) . At this moment, the encryption 
key of the terminal 10 of the user is transmitted together 
with the request for the position information service. The 
position recording center 2 0 stores the received encryption 
5 key in its temporary memory 205 (S141) • The acquisition 
unit 203 of the position recording center 20 acquires the 
encrypted position information of the user designated by 
the request for the service. The decryption unit 206 
decrypts the encrypted position information using the 

10 encryption key stored in the temporary memory 205 and stores 
the decrypted position information in the temporary memory 
205 (S142) • The position information processing unit 208 
of the position recording center 20 reads out the decrypted 
position information from the temporary memory 205, and 

15 transmits the decrypted position information and the above 
request for the position information service to the 
position information service center 30 (S143). The 
position information service center 30 executes a service 
process in response to the received position information 

20 and returns the result of the process as a response to the 
position recording center 20. The position recording 
center 20 transmits the result of the process to the terminal 
10 after storing the result of the process in the temporary 
memory 205. (5144) . After transmitting the result of the 

25 process, the erasing unit 207 of the position recording 
center 20 erases each data of the encryption key, the 
decrypted position information, the result of the process 



stored in the temporary memory (S145) . 

Since the position recording center 20 decrypts the 
encrypted position information and uses, substituting for 
the user, the position information service center 30 as 
5 described above, the mobile body (user) can utilize the 
position information service center 30 without informing 
the position information service center 30 of its name. 

Furthermore, since the position recording center 20 
makes an access to a plurality of position information 

10 service centers 30 substituting for the mobile body (user) 
when the mobile body would like touse apluralityof position 
information service centers 30, the user can use the 
plurality of the position information service centers by 
making an access to only one (1) of the position recording 

15 center 2 0 . 

(Mode of use 6) 

In the mode of use 6, the position recording center 
20 creates a response based on the position information 

20 that the position recording center 20 has recorded, in 
response to a querying request relating to the position 
of a mobile body (user) , from a third party, and transmits 
the response to the third party. Since the position 
recording center 20 records the encrypted position 

25 information unchangeably, it functions as a guarantee 
apparatus guaranteeing the position of the mobile body 
(user) . The response to the third party may be in a form 
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of, for example, an issuance of a warranty or a certificate. 
Fig. 15 is a schematic diagram of the mode of use 6 and 
Fig. 16 is its process flowchart. 

Specific examples of the querying request and the 
5 response are as follows. The querying request is issued 
at the conclusion of a contract such as sales/purchase, 
loan, employment etc . For example, they are the case where 
a user concludes a sales/purchase agreement or a loan 
agreement with a third party, where a third party confirms 
10 the address of a user, where a user concludes an employment 
agreement with a third party, where a third party confirms 
the educational background and the professional experience 
of a user etc. 

Queries 

15 a) Would like to know the current position of a mobile body 
(user) . 

b) Would like to know whether a mobile body is/was at the 
place queried. 

c) Would like to know the place where a mobile body was 
20 on a date and at a time queried. 

d) Would like to know the data on and the time at which 
a user was at a designated place. 

e) Would like to know whether a mobile body was at the place 
queried on the data queried at the time queried. 

25 f) Would like to know whether or not the address and the 
work place that a user has declared are correct, 
g) Would like to know whether or not the resume of a user 
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is correct. 

Responses: 

a) Response with the current position of the tar get ed mobi le 
body . 
5 b) Yes/No. 

c) Response with the place where the mobile body was at 
the time queried. 

d) Response with the data on and the time at which the user 
was at the place queried. 

10 e) Yes/No. 

f ) For example, the address may be determined to be correct 
if the tar ge ted mobi le body (user) frequently stays at the 
place having the address in the middle of the night. 
Similarly, the work place is determined to be correct if 

15 the targeted mobile body frequently goes to the place having 
the address of the workplace in the daytime. 

g) For example, it is determined to be correct that the 
user went to a school if the user frequently went to a place 
where the school is during the time period in which the 

20 user should have been going to the school. 

Referring to Fig. 15, Fig. 16 will be described. a 
third party transmits a request for querying a position 
of a user from its terminal IOC to the position recording 
center 20 (S160) . Having received the request for querying 

25 the position, the position recording center 20 notifies 
the terminal lOA of the user that there has been a request 
for querying the position from the third party. Having 
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received the notice, the terminal 10 of the user transmits 
its encryption key to the position recording center 20 in 
the case where the terminal 10 permits the center 20 to 
respond to the request. The position recording center 20 
5 stores the received encrypted key in the temporary memory 
205 (S161) . 

The decryption unit 206 of the position recording 
center 20 decrypts the encrypted position information 
corresponding to the request for querying the position, 

10 using the encryption key stored in the temporary memory 
205, and stores the decrypted position information in the 
temporary memory 205 (S162). The position information 
processing unit 208 creates a response to the request for 
querying the position based on the decrypted position 

15 information (S163) and notifies the terminal IOC of the 
third party of the response (S164) . The response may be 
notified, for example, as a warranty issued by the position 
recording center 20. After notifying the response, the 
erasing unit 207 of the position recording center 20 erases 

20 each data of the encryption key, decrypted position 

information and the response stored in the temporary memory 
205 (S165) . 

Since the encrypted position information accumulated 
in the position recording center 20 can not be altered as 
25 described above, the position recording center 20 can 
provide a guarantee function utilizing the position 
information . 



The scope of the invention to be protected is not 
limited to the above embodiment and covers the inventions 
according to the following claims and their equivalents. 

5 INDUSTRIAL APPLICABILITY 

As set forth hereinabove, according to the invention, 
the position information measured by a terminal of a mobile 
body is encrypted and transmitted to a position recording 
center. Then, the position recording center accumulates 

10 the position information of each mobile body in the 
encrypted state. The mobile body, and a position 
information service center providing predetermined 
position information services can not decrypt the position 
information of a person stored in a position recording 

15 apparatus without the permission of the person. Therefore, 
it is possible to manage the position information of the 
mobile body without infringing the privacy of the mobile 
body. Furthermore, high-level security can be secured 
since the position recording apparatus itself can not 

20 decrypt the accumulated position information without 
obtaining the encryption key from the mobile body. 
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